CVE-2021-41919

webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers.
Configurations

Configuration 1 (hide)

cpe:2.3:a:webtareas_project:webtareas:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:26

Type Values Removed Values Added
References () https://n4nj0.github.io/advisories/webtareas-multiple-vulnerabilities-i/ - Exploit, Third Party Advisory () https://n4nj0.github.io/advisories/webtareas-multiple-vulnerabilities-i/ - Exploit, Third Party Advisory

15 Oct 2021, 14:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 6.5
v3 : 8.8
References (MISC) https://n4nj0.github.io/advisories/webtareas-multiple-vulnerabilities-i/ - (MISC) https://n4nj0.github.io/advisories/webtareas-multiple-vulnerabilities-i/ - Exploit, Third Party Advisory
CPE cpe:2.3:a:webtareas_project:webtareas:*:*:*:*:*:*:*:*
CWE CWE-434

08 Oct 2021, 17:44

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-08 16:15

Updated : 2024-11-21 06:26


NVD link : CVE-2021-41919

Mitre link : CVE-2021-41919

CVE.ORG link : CVE-2021-41919


JSON object : View

Products Affected

webtareas_project

  • webtareas
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type